OK,
We are getting sent hundreds of SQL injection attacks and while we are not being compromised I would like to return a 403 response instead of my application server still doing work on these requests.

in the .htaccess file. However, I would like to add it to the httpd.conf file to protect all my sites in one go. I know the above RewriteCond could be better and it will be before I put it live, but I need to know how to do it.

I have added the above rule into the httpd.conf before I declare my virtual hosts and after, neither work. I have also tried:-